Intravision/reactos
1
0
Fork 0
mirror of https://github.com/reactos/reactos.git synced 2025-02-22 16:36:33 +00:00
Code Issues Projects Releases Packages Wiki Activity

[CSRSRV] CsrSetProcessSecurity(): Check 1st NtQueryInformationToken() result (#2862)

Browse source 
Also:
* Add 1 NtClose(hToken), in an error case.
* Do not call RtlFreeHeap(..., ..., NULL).

Follow-up to #2857.
This commit is contained in:
Serge Gautherie 2020-06-01 13:17:29 +02:00 committed by GitHub
parent 64fea1dbd0
commit 4425bd8db3
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 8 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
subsystems/win32/csrsrv/init.c
View file

@ -74,12 +74,18 @@ CsrSetProcessSecurity(VOID)
if (!NT_SUCCESS(Status)) goto Quickie;
/* Get the Token User Length */
NtQueryInformationToken(hToken, TokenUser, NULL, 0, &Length);
Status = NtQueryInformationToken(hToken, TokenUser, NULL, 0, &Length);
if (Status != STATUS_BUFFER_TOO_SMALL)
{
NtClose(hToken);
goto Quickie;
}
/* Allocate space for it */
TokenInfo = RtlAllocateHeap(CsrHeap, HEAP_ZERO_MEMORY, Length);
if (!TokenInfo)
{
NtClose(hToken);
Status = STATUS_NO_MEMORY;
goto Quickie;
}
@ -153,7 +159,7 @@ CsrSetProcessSecurity(VOID)
/* Free the memory and return */
Quickie:
if (ProcSd) RtlFreeHeap(CsrHeap, 0, ProcSd);
RtlFreeHeap(CsrHeap, 0, TokenInfo);
if (TokenInfo) RtlFreeHeap(CsrHeap, 0, TokenInfo);
return Status;
}